<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Get categories API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'ml-get-category.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ml-get-category.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ml-get-category.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/ml-get-category.html" rel="nofollow" target="_blank">../en/ml-get-category.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="ml-apis.html">Machine learning anomaly detection APIs</a></span>
»
<span class="breadcrumb-node">Get categories API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="ml-get-calendar.html">« Get calendars API</a>
</span>
<span class="next">
<a href="ml-get-datafeed.html">Get datafeeds API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="ml-get-category"></a>Get categories API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>

<p>Retrieves anomaly detection job results for one or more categories.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">GET _ml/anomaly_detectors/&lt;job_id&gt;/results/categories</code><br></p>
<p><code class="literal">GET _ml/anomaly_detectors/&lt;job_id&gt;/results/categories/&lt;category_id&gt;</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-prereqs"></a>Prerequisites<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
If the Elasticsearch security features are enabled, you must have <code class="literal">monitor_ml</code>,
<code class="literal">monitor</code>, <code class="literal">manage_ml</code>, or <code class="literal">manage</code> cluster privileges to use this API. You also
need <code class="literal">read</code> index privilege on the index that stores the results. The
<code class="literal">machine_learning_admin</code> and <code class="literal">machine_learning_user</code> roles provide these
privileges. See <a class="xref" href="security-privileges.html" title="Security privileges">Security privileges</a> and
<a class="xref" href="built-in-roles.html" title="Built-in roles">Built-in roles</a>.
</li>
</ul>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<p>When <code class="literal">categorization_field_name</code> is specified in the job configuration, it is
possible to view the definitions of the resulting categories. A category
definition describes the common terms matched and contains examples of matched
values.</p>
<p>The anomaly results from a categorization analysis are available as bucket,
influencer, and record results. For example, the results might indicate that
at 16:45 there was an unusual count of log message category 11. You can then
examine the description and examples of that category. For more information, see
<a href="https://www.elastic.co/guide/en/machine-learning/7.7/ml-configuring-categories.html" class="ulink" target="_top">Categorizing log messages</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-path-parms"></a>Path parameters<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">&lt;category_id&gt;</code>
</span>
</dt>
<dd>
(Optional, long) Identifier for the category. If you do not specify this
parameter, the API returns information about all categories in the anomaly detection job.
</dd>
<dt>
<span class="term">
<code class="literal">&lt;job_id&gt;</code>
</span>
</dt>
<dd>
(Required, string)
Identifier for the anomaly detection job.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">page</code>.<code class="literal">from</code>
</span>
</dt>
<dd>
(Optional, integer) Skips the specified number of categories.
</dd>
<dt>
<span class="term">
<code class="literal">page</code>.<code class="literal">size</code>
</span>
</dt>
<dd>
(Optional, integer) Specifies the maximum number of categories to obtain.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-results"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The API returns an array of category objects, which have the following
properties:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">category_id</code>
</span>
</dt>
<dd>
(unsigned integer) A unique identifier for the category.
</dd>
<dt>
<span class="term">
<code class="literal">examples</code>
</span>
</dt>
<dd>
(array) A list of examples of actual values that matched the category.
</dd>
<dt>
<span class="term">
<code class="literal">grok_pattern</code>
</span>
</dt>
<dd>
<span class="Admonishment Admonishment--experimental">
[<span class="Admonishment-title u-mono">experimental</span>]
<span class="Admonishment-detail">
This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.
</span>
</span> (string) A Grok pattern that could be used in Logstash or an ingest
pipeline to extract fields from messages that match the category. This field is
experimental and may be changed or removed in a future release. The Grok
patterns that are found are not optimal, but are often a good starting point for
manual tweaking.
</dd>
<dt>
<span class="term">
<code class="literal">job_id</code>
</span>
</dt>
<dd>
(string)
Identifier for the anomaly detection job.
</dd>
<dt>
<span class="term">
<code class="literal">max_matching_length</code>
</span>
</dt>
<dd>
(unsigned integer) The maximum length of the fields that matched the category.
The value is increased by 10% to enable matching for similar fields that have
not been analyzed.
</dd>
<dt>
<span class="term">
<code class="literal">regex</code>
</span>
</dt>
<dd>
(string) A regular expression that is used to search for values that match the
category.
</dd>
<dt>
<span class="term">
<code class="literal">terms</code>
</span>
</dt>
<dd>
(string) A space separated list of the common tokens that are matched in values
of the category.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-category-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-category.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">GET _ml/anomaly_detectors/esxi_log/results/categories
{
  "page":{
    "size": 1
  }
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/1820.console"></div>
<p>In this example, the API returns the following information:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "count": 11,
  "categories": [
    {
      "job_id" : "esxi_log",
      "category_id" : 1,
      "terms" : "Vpxa verbose vpxavpxaInvtVm opID VpxaInvtVmChangeListener Guest DiskInfo Changed",
      "regex" : ".*?Vpxa.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*",
      "max_matching_length": 154,
      "examples" : [
        "Oct 19 17:04:44 esxi1.acme.com Vpxa: [3CB3FB90 verbose 'vpxavpxaInvtVm' opID=WFU-33d82c31] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:45 esxi2.acme.com Vpxa: [3CA66B90 verbose 'vpxavpxaInvtVm' opID=WFU-33927856] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:51 esxi1.acme.com Vpxa: [FFDBAB90 verbose 'vpxavpxaInvtVm' opID=WFU-25e0d447] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:58 esxi2.acme.com Vpxa: [FFDDBB90 verbose 'vpxavpxaInvtVm' opID=WFU-bbff0134] [VpxaInvtVmChangeListener] Guest DiskInfo Changed"
      ],
      "grok_pattern" : ".*?%{SYSLOGTIMESTAMP:timestamp}.+?Vpxa.+?%{BASE16NUM:field}.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*"
    }
  ]
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="ml-get-calendar.html">« Get calendars API</a>
</span>
<span class="next">
<a href="ml-get-datafeed.html">Get datafeeds API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>